Title: Malware hit in init.php (from uncode theme)
Last modified: December 10, 2023

---

# Malware hit in init.php (from uncode theme)

 *  Resolved [JHuser](https://wordpress.org/support/users/jasperhartog/)
 * (@jasperhartog)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/)
 * Only recently I got the following hit using Wordfence scan on my website that
   uses the uncode theme.
    - **Filename:** /data/sites/web/atelierwalstraatnl/www/wp-content/themes/uncode/core/plugins_activation/init.php
    - **File type:** Not a core, theme or plugin file from wordpress.org.
    - **Details:** This file appears to be installed or modified by a hacker to
      perform malicious activity. If you know about this file, you can choose to
      ignore it to exclude it from future scans. The matched text in this file
      is: **( isset( $value ) && is_object( $value ) ) {\x0a unset($value->response[ ‘js_composer/js_composer.php**
      The issue type is: **Suspicious:PHP/anti-antiupdates.A.14052**
      Description: **Routine used to hide available update notifications**
 * I looked at the file and compared it with my original theme file from the first
   install, and with regard to the marker text: **( isset( $value ) && is_object(
   $value ) ) {\x0a unset($value->response[ ‘js_composer/js_composer.php** it was
   exactly the same.
 * When I changed the file for a new version from either the old uncode download
   as well as a new uncode download, Wordfence gives the same results and marks the
   file as having malware.
 * Is this a false positive hit and can I neglect it?
 * Deleting the file completely is not an option as it results in a crash of my 
   website.
 * thanks in advance,
 * regards,
 * JH

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [maxidavis](https://wordpress.org/support/users/maxidavis/)
 * (@maxidavis)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17268000)
 * Having the same issue and asking myself if this is a false positive. Following
 *  [lprdesigns](https://wordpress.org/support/users/lprdesigns/)
 * (@lprdesigns)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17268344)
 * Also seeing this. Following
 *  Plugin Support [wfmark](https://wordpress.org/support/users/wfmark/)
 * (@wfmark)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17269019)
 * Hi [@jasperhartog](https://wordpress.org/support/users/jasperhartog/), thanks
   for reaching out.
 * The init.php file Wordfence flagged does match the malware signature we have
   in place to detect any custom code that prevents update notifications which we
   strongly recommend against.
 * The developers of uncode have an explanation for this here: [https://support.undsgn.com/hc/en-us/articles/14741976929693-Wordfence-false-positive](https://support.undsgn.com/hc/en-us/articles/14741976929693-Wordfence-false-positive)
 * You can choose to Ignore the scan result but you will need to manually check 
   for theme updates as the code will not allow update notifications.
 * Hope this helps,
 * Thanks,
 * Mark.
 *  [maxidavis](https://wordpress.org/support/users/maxidavis/)
 * (@maxidavis)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17270764)
 * [@wfmark](https://wordpress.org/support/users/wfmark/) so in other words, we 
   can safely ignore the warning and need to manually check for theme related updates.
 *  [Freckletron](https://wordpress.org/support/users/elainestam/)
 * (@elainestam)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17470321)
 * Whew! Have this theme on like 25 sites and was SWEATING over this alert.
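
One way to triage a finding like the one discussed in this thread, added here as an example and not code from Wordfence, Uncode or any poster: confirm the flagged file is byte-identical to a copy from the vendor download, and list which plugin update entries it removes so those can be checked manually. The regex is a simplified assumption, not Wordfence's actual signature, and the PHP sample and function names are constructed for illustration.

```python
import hashlib
import re

# Simplified pattern (an assumption, not Wordfence's signature). It matches
#   unset( $var->response[ 'plugin-dir/plugin-file.php' ] )
# and captures the plugin slug. Curly quotes are accepted because scan
# reports pasted into forums often carry them.
UNSET_RESPONSE = re.compile(
    r"""unset\s*\(\s*\$\w+->response\[\s*['"‘’]([^'"‘’\]]+)['"‘’]\s*\]\s*\)"""
)

def suppressed_updates(php_source):
    """Return the plugin slugs whose update entries the code removes."""
    return sorted(set(UNSET_RESPONSE.findall(php_source)))

def same_as_vendor(installed, vendor):
    """True when the installed file is byte-identical to the vendor copy."""
    return hashlib.sha256(installed).digest() == hashlib.sha256(vendor).digest()

def triage(installed, vendor):
    """Classify a flagged file given its bytes and the vendor copy's bytes."""
    slugs = suppressed_updates(installed.decode("utf-8", errors="replace"))
    if not same_as_vendor(installed, vendor):
        verdict = "differs from vendor copy: investigate before ignoring"
    elif slugs:
        verdict = "vendor code: update notices hidden, check updates manually"
    else:
        verdict = "vendor code: no update suppression found"
    return {"suppressed": slugs, "verdict": verdict}

# Constructed sample modelled on the matched text quoted in the scan result.
SAMPLE_PHP = b"""<?php
function example_hide_updates( $value ) {
    if ( isset( $value ) && is_object( $value ) ) {
        unset($value->response[ 'js_composer/js_composer.php' ]);
    }
    return $value;
}
"""

if __name__ == "__main__":
    # Same bytes as the vendor copy: finding is the vendor's own code.
    print(triage(SAMPLE_PHP, SAMPLE_PHP))
    # Extra bytes appended: file no longer matches the vendor download.
    print(triage(SAMPLE_PHP + b"\n// changed\n", SAMPLE_PHP))
```

In practice the two byte strings would be read from the installed `init.php` and from the same path inside a freshly downloaded theme archive of the same version.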

 * 5 replies
 * 4 participants
 * Last reply from: [Freckletron](https://wordpress.org/support/users/elainestam/)
 * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/malware-hit-in-init-php-from-uncode-theme/#post-17470321)
 * Status: resolved